Malcore: Simple File Analysis
  • Malcore API docs
  • Packer Checking
  • Deep Static Analysis
  • PCAP diffing
  • Gather sections
  • Shellcode Emulation
  • Executable File Analysis
  • Binary Diffing
  • Script Analysis
  • Ransom Note Comparison
  • PCAP Analysis
  • Snort Rule Generation
  • Hash Checksum
  • Strings
  • Imports and Exports
  • Status Check
  • Yara Rule Scanning
  • Parse Exif Data
  • Domain Analysis
  • Threat Score
  • Execute From URL
  • Document File Analysis
  • URL Checking
  • Browser Extension Analysis
  • Android Permission Lookup
  • AndroidManifest Parsing
  • Phone Application Analysis
  • Dynamic Analysis
  • Threat Feed
  • AI Classifier
  • Scan Results Manipulation
Powered by GitBook
On this page
  • [ POST ] https://api.malcore.io/api/exif
  • Query Params
  • Headers
  • Request
  • Response

Parse Exif Data

[ POST ] https://api.malcore.io/api/exif

Parse the exif data out of the file


Query Params

  • filename1 file

Headers

  • apiKey string


Request

curl -X POST https://api.malcore.io/api/exif \
	-H "apiKey: MY-API-KEY" \
	-F "filename1=@calc.exe" \

Response

🟢 200

{
  "code_signature": "48 83 ec 28 e8 2b fa ff ff 48",
  "file_information": {
    "file_extension": "exe",
    "header_information": {
      "file_header_hexdump": "4d5a90000300000004000000ffff0000b8000000000000004000000000000000",
      "file_header_ascii": "MZ......................@.......",
      "file_header_crc32": "0x208ddfe",
      "offset": "0x0"
    },
    "file_description": "DOS MZ executable file format and its descendants (including NE and PE)"
  },
  "misc_information": {
    "subsystem": "Windows GUI",
    "linker_version": 14.2,
    "product_version": "10.0.19041.1",
    "warning": "Possibly corrupt Version resource",
    "entry_point": "0x1870",
    "language_code": "English (U.S.)",
    "file_version_number": "10.0.19041.1",
    "character_set": "Unicode",
    "subsystem_version": 10,
    "image_version": 10,
    "file_subtype": 0,
    "file_version": "10.0.19041.1 (WinBuild.160101.0800)",
    "os_version": 10,
    "company_name": "Microsoft Corporation",
    "internal_name": "CALC",
    "product_name": "Microsoft® Windows® Operating System",
    "pe_type": "PE32+",
    "file_os": "Windows NT 32-bit",
    "original_file_name": "CALC.EXE",
    "file_description": "Windows Calculator",
    "machine_type": "AMD AMD64",
    "object_file_type": "Executable application",
    "initialized_data_size": 25088,
    "file_flags_mask": "0x003f",
    "product_version_number": "10.0.19041.1",
    "legal_copyright": "© Microsoft Corporation. All rights reserved.",
    "image_file_characteristics": "Executable, Large address aware",
    "uninitialized_data_size": 0,
    "code_size": 3072
  },
  "signature_info": {
    "signature_results": [],
    "is_signed": false
  },
  "file_size": "27648",
  "compilation_timestamp": "Sep 24, 1971 04:02:24 PM",
  "mime_type": "application/x-msdownload"
}

🔴 400

{}
PreviousYara Rule ScanningNextDomain Analysis

Last updated 12 months ago